What Have You Got to Lose? A Case for Building Your Threat Model

We now rely on connectivity for so much that we we forget that every application or appliance is like an open window or door. Internet connections seem obvious, but smartphone apps, printers and Wi-Fi routers also present possible soft areas to allow attackers into your world. Avoid a digital disaster by proactively analyzing the integrity of your network and creating a threat model.

New cyberthreats appear with every innovation, according to GovLoop’s Irene Koo. But within that daunting landscape of dangers are solutions that begin with a holistic and human approach to cybersecurity. You can design a threat model that anticipates behaviors and processes that could be leaving your network vulnerable to attacks.

What is a Threat Model?

A Threat Model is a document that lists the digital assets that need protecting, notes possible threats to them, considers the risk factors and evaluates the success of the model based on testing or post-event status.

To get started, make a chart of your assets. For example, in a typical office, there might be workstations connected to a server, a router and a printer, all joined together internally. Each computer will be running some type of software and downloading emails or accessing cloud-based systems. These are only examples, and you may find your threat model is either more simple or complex depending on setup.

Examine your assets for vulnerabilities

The computer and server assets could have weak passwords, outdated operating systems, lack of intrusion protection (anti-malware program and/or firewall), unpatched productivity software (such as word processing, graphics or spreadsheet programs), or uninstalled firmware updates (firmware is software that controls hardware, such as the memory chip in a computer).

In your mind, some threats will seem more likely than others: the likelihood of someone in the company trying to get into a co-worker’s computer may be small, but it still exists. Adopt a policy that not only calls for strong passwords, but sets security policies by organizational structure. Audit these policies on a regular basis. Make sure that system protection and all software (including firmware) is up to date.

Routers and printers can be vulnerable when we leave the default administrator passwords unchanged. Each manufacturer has a typical setup, and someone with that information can take over these machines without your knowing it. The same goes for webcams and many IoT (Internet of Things) devices. During setup, consult the documentation to change this information and keep it secure.

Protect the fort with Transport Layer Security (TLS)

Protect sites and portals with Transport Layer Security (TLS). This requires encryption (encoding to make data unreadable) and the exchange of public and private “keys” in order to make the connection. The public keys encrypt information and allow your computer (or device) and the server to communicate securely, while private keys provide the only way for either side to decrypt, or translate, the information going back and forth. This process is very intricate.

It is now very common for employees to telework using tablets, smartphones, laptops or desktops. Secure them with passcodes and security programs that watch for network intrusions and untoward behavior. Outside of the office, make sure you are in a secure environment before starting your work. When using web portals, check for “HTTPS” which stands for Hyper Text Transfer Protocol Secure. In the address bar of your web browser, you will see a green lock that is in a closed position. Click the lock to see confirmation of a secured connection and digital certificate details.

If you are managing IT, provide light training to all staff members to help them look for this setup. This instruction should be part of the onboarding process through Human Resources as well. The Library Freedom Project, dedicated to fostering greater security for library patrons, provides a straightforward mobile privacy toolkit that you may find useful.

What have you got to lose?

Be sure that your network threat model takes the consequences of loss into account. This will help you plan for the worst-case scenario. Establish procedures that mitigate further damage. You must also notify customers or clients whose information has been exposed. Very recently, British Airways was the target of a credit card skimming operation.  The company reached out to its affected customers to inform them of the breach and advised others who would like assurance to monitor their accounts and consult with their financial institutions.

While British Airways serves over 45 million clients, 380,000 transactions (less than 1 percent) were involved in the skim. If the airline is found to have not complied with The European Union’s General Data Protection Regulation (GDPR, 2018), it could face fines of up to 4 percent of its global annual revenue. The GDPR oversees how private information of European Union citizens is gathered, stored, shared and protected.

On a side note, United States citizens may be familiar with HIPAA (the Health Insurance Portability and Accountability Act of 1996). HIPAA requires that all agencies and businesses that collect patient information safeguard the confidentiality of medical, personal and financial data. Also, the Children’s Online Privacy Protection Rule (COPPA, 1998) protects the privacy of children under 13. There are a number of other U.S. data privacy regulations,  but the EU’s GDPR offers more of a “one-stop” protection. Actually, we may all benefit from the GDPR because websites and cloud-based services have global reach. Many agencies and companies tend to comply to assure a potentially worldwide audience.

Get 7 quick steps to building your threat model

You may have the beginnings of a good network threat model if you follow through with extra steps. Most people already try to protect entry and exit points, which makes sense. But intruders rely on absent-mindedness, confidence games and the uninitiated to find a way around not having an invitation inside. Because of this, you should invest the time it takes to examine your system and how to protect it. Security Innovation security engineer Geoffrey Vaughn uncovers the weaknesses in the technologies we depend on, and in the article “Creating Your Own Personal Threat Model,” he shares seven steps to fortifying your environment.

“Your personal threat model is something you develop and refine over time to evaluate the risks associated with protecting your most valuable assets,” he states. He then shares recommended steps to build your own threat model with a sample diagram.

Work with your IT team to develop your own plan, share it with the staff, and review and revise as necessary. The number of cyberthreats out there is overwhelming. Sincere thought and effort towards designing your threat model could stand between you and a data disaster.

Anita Davis is part of the GovLoop Featured Contributor program, where we feature articles by government voices from all across the country (and world!). To see more Featured Contributor posts, click here.

Leave a Comment


Leave a Reply

Catherine Andrews

A really thoughtful and clear approach on why threat models and designing them are important in government today. Thanks, Anita!